Suffering from a data breach has become as real as being robbed on the street. The main difference is that a breach of your organization’s sensitive data may cause a loss of clients and reputation in addition to monetary losses.
The first step to preventing data breaches is identifying possible threats. Your list of threats mainly depends on your industry and the types of data you store. Keep reading to learn about cyber security threats by industry, data breach statistics, real-life examples of cyber attacks, and, of course, ways to stop malicious actors in your sphere of business.
Which industries are most susceptible to security incidents?
Financial, health, intellectual, and government information are the most likely to be stolen. This determines which industries are most vulnerable to cyber attacks. There’s an ongoing argument about the ranking, but according to the latest insider threat statistics, the five industries most targeted by cyber attackers are:
Other industries such as energy and utilities, accommodation, agriculture, construction, entertainment and media, management, manufacturing, services, technology and software, transportation, and communication also face the risk of inside or outside attackers breaching their important data. All of them are listed in the top industries targeted by cyber attacks in reports, and our advice applies to them as well.
In this article, you’ll find out what methods are commonly used to steal data in the industries that are most vulnerable to cybercrime, what drives attackers, and what data is most likely to be compromised. We also discuss how you can prevent the most common incidents in your organization.
Let’s observe cyber attacks by industry.
Public administration heads the list of the industries most affected by cyber attacks. Government data often ends up stolen for the purposes of financial gain or espionage. Malicious actors can attack government databases to obtain strategic information – for example, Russian state-sponsored hackers breached US defense contractors and stole military and communication infrastructure data from 2020 to 2022. Another common source of threats to public administrations is hacktivism.
Some breaches can reveal emails of government officials that contain strategic or secret information. For instance, the hack of Michał Dworczyk’s email box in June 2021 led to the leak of 60,000 emails. Presumably, the Russian and Belarusian group Ghostwriter committed the attack, making emails of the right-hand man of the Polish Prime Minister available to the whole world.
The government sector experienced a great increase in security incidents in 2022 compared to the same period in 2021. But authorities are actively trying to improve their cybersecurity and are taking action to prevent cyber attacks, especially government-sponsored ones. For example, the EU has strengthened its Cyber Diplomacy Toolbox to enhance the prevention and discouragement of, and response to, cyber attacks against EU institutions.
Healthcare & pharmaceuticals
In 2021, healthcare organizations experienced the most data breaches since 2009. A key motivator for hackers to breach healthcare institutions is financial gain. Stolen records can be used to gain unauthorized access to medical programs or get prescription medications.
The healthcare industry has paid the highest average data breach cost compared to other industries during 2010–2022. The average total cost of a single breach in the healthcare industry in 2022 was $10.10 million, according to the 2022 Cost of a Data Breach Report by the Ponemon Institute.
Human errors were among the most common causes of leaks in healthcare companies affected by cyber attacks. At the same time, malicious intent was no longer among the top three reasons for data breaches in 2022. Misdelivery and loss of data were the most common errors, as stated in the Verizon 2022 Data Breach Investigation Report.
Third-party vulnerabilities were another reason for sensitive data breaches in the healthcare industry. For example, Florida Healthy Kids Corporation had an incident caused by the security vulnerabilities of a third-party vendor.
In January 2021, this HIPAA-covered entity reported the exposure of personal information of 3.5 million people. This protected health information was available to hackers for several years. Using breached health plans of the Corporation, attackers stole consumers’ financial information, social security numbers, and other highly sensitive data.
Finance & insurance
Data protection for insurance companies and financial organizations is focused extensively on implementing security best practices required by numerous industry standards. In order to penetrate a bank’s security system, hackers invent elaborate methods.
Most data breach attempts include web application attacks. It’s especially hard to detect and neutralize these attacks because millions of clients use these apps. Financial organizations also face data breach threats in the physical world: crooks install skimmers and card traps on ATMs or simply steal machines. The Verizon 2022 Data Breach Investigation Report has also found that 27% of data breaches in the finance and insurance sphere can be traced to insider activity.
Financial cybersecurity has a few trends: organizations tend to store information on cloud services and use multi-factor authentication more than they did last year, but they use key management less. While shifting to the cloud, security leaders commonly encrypt most sensitive information and manage cloud security using a zero-trust architecture.
According to the 2022 Cost of a Data Breach Report by the Ponemon Institute, the financial sphere is in second place in terms of average data breach costs in 2022.
Between 2018 and 2022, the financial and insurance spheres experienced more external threats than internal, although the percentage of insider threats continuously grows. At the same time, external threats decreased. Some financial organizations became victims of competitor-hired hackers that committed corporate espionage, or suffered from so-called hacktivists.
Other financial organizations suffered DDoS attacks. For example, in August 2020, DDoS attacks on the New Zealand Stock Exchange stopped its operations for four days. After the incident, the CIO of the stock exchange, David Godfrey, resigned.
This type of hacking has also badly affected the Travelex currency exchange provider and other financial services. In 2020, DDoS hackers usually demanded 10 or 20 Bitcoins to stop their attacks, which is 10 or 20 times more than they demanded in 2019.
Education & research
The COVID-19 pandemic sparked the rise of hybrid and online education. Many educational institutions that didn’t work online before had to get used to new realities: data storage and usage in the cloud, online documentation and payments, and digital data sources. However, these institutions are now more likely to suffer from a data leak or breach than in the era of physical storage.
The educational sphere is in the top ten on the list of average data breach costs in 2022 according to the 2022 Cost of a Data Breach Report by the Ponemon Institute.
As the Verizon 2022 Data Breach Investigation Report reveals, social engineering took first place among data breach patterns in education, with pretexting being the leading method of social engineering. Attackers use this technique to instigate the fraudulent transfer of funds by luring victims into tricky conversations. Instead of ordinary phishing techniques, this new hacking method uses creative emails to make victims respond as desired.
The most common variety of error that leads to data breaches is the misconfiguration of knowledge databases — specifically, a lack of access controls. Basic web application attacks are also on the list, taking fourth place in the rating.
Data breaches of educational institutions can reveal driver’s license or passport information, accounting information, social security numbers, or bank routing details. For example, in December 2020, sensitive information about the University of California’s employees and students was leaked via a third-party vulnerability. Malicious actors accessed the Accellion file transfer application the university staff was using. A great amount of data about employees, their dependents, beneficiaries, retirees, and participants of university programs was leaked.
Trade has always been subject to fraud. Our digital century brings digital fraud tools to this industry. Retailers suffer from DDoS attacks on their websites and card skimmers in their stores.
The biggest cause of data breaches in the retail industry is low security standards. Retailers rely on third-party organizations to provide security services or don’t bother with security at all. In 2020, 83% of the 30 biggest e-commerce retailers in the USA used third-party services that had at least one critical cybersecurity vulnerability.
Among attack patterns, the pretexting method of social engineering is more common in the retail industry than in others. Hackers create sophisticated scenarios to gain trust and usually provoke people to make money transfers through tricky stories and psychological pressure.
The retail sector experienced a significant increase in its cloud workloads due to the pandemic. For example, 50% of respondents in Sweden and 52% of those in the Netherlands said they had experienced a data breach or failed an audit for cloud data (according to the 2022 Thales Data Threat Report).
Some data breaches that affect department store chains lead to the revealing of personal online accounts, credit card numbers (with expiration dates), and passwords.
What can you do to improve cybersecurity across industries?
In the chart below, we highlight ways to help you mitigate the possibility of a data breach.
The Verizon 2022 Data Breach Investigation Report gives the following advice to strengthen cybersecurity in the five industries we’ve reviewed:
1. Provide employees with cybersecurity awareness training. Launch specialized training courses about new social engineering techniques for educational and retail workers who have access to financial transfers. Educate managers about techniques for human error prevention. In such a way, your staff will become informed and act more securely.
With the help of Ekran System, you can show employees warning messages when they try to take an undesired action. You can also use monitoring results to demonstrate mistakes employees make and schemes hackers use to obtain credentials.
2. Provide secure configuration of enterprise software and assets. This helps to protect your sensitive databases and servers, maintain access rights, and keep your security status up to date.
Ekran System also ensures that you can notice all suspicious or unneeded changes to your critical systems in a timely manner. You can customize notifications and alerts regarding actions you want to catch, or you can use automated ones.
3. Deploy an access control management solution. This stops malicious attempts to enter the corporate cloud or on-premises databases. You should also restrict users’ accidental access to databases to prevent data misuse.
You can start effectively controlling privileged access to your critical servers with the Ekran System insider risk management platform. Password management will make it possible to automatically create one-time passwords and rotate them regularly, while the access request and approval workflow will simplify manual access confirmation. Moreover, Ekran System password management functionality provides secondary authentication for users of shared accounts.
4. Deploy account management tools. This practical function will help you be aware of what is going on with any account in real time and control users’ essential decisions.
Use Ekran System’s capabilities to prevent unauthorized access at the point of entry. Take control over users that try to access your sensitive data by confirming users’ identities with multi-factor authentication.
The ENISA Threat Landscape 2022 Report names public administration, finance and insurance, healthcare, and information as the sectors that suffered the most from internal errors in 2021 and 2022. That’s why Ekran System experts advise you to pay special attention to your employees’ and third parties’ activity. In this regard, consider two important tips:
5. Deploy user activity monitoring functionality
User activity monitoring (UAM) helps you keep a close eye on the actions of any user in your infrastructure. All user sessions are recorded, so you can watch them at any time and get insights into user activity with detailed metadata, including keystrokes. Monitoring user activities and receiving timely notifications about suspicious user actions is a productive way to detect a data breach. Monitoring services revealed 36% of incidents in the finance and insurance industry in 2021.
With Ekran System, if an employee is using suspicious software, connecting to an unauthorized device, trying to access a critical file, or sending sensitive data somewhere, a security officer will be notified about it in real time. After the incident, you can analyze the employee’s actions and export records to a protected file for further investigation.
6. Manage third-party activities
Compromised third-party systems can result in a data breach with an average cost of $4.29 million as per the ENISA Threat Landscape 2021 Report. That’s why it’s important to implement third-party vendor security risk management best practices and manage all accounts, activity, and escalated rights of partners and vendors who may access your sensitive data.
Ekran System effectively mitigates insider and third-party threats in various industries. By deploying third-party vendor monitoring software, you can make all third-party actions on your servers visible and record them online and offline. With a significant shift to cloud work, it’s also advisable to secure the cloud environment by providing visibility into third-party actions in the cloud.
Any company possessing sensitive data is under threat of being breached. The risk is especially high if your company belongs to one of the industries vulnerable to cyber attacks. Analyzing the public, medical, financial, educational, and trade sectors, we found four common patterns of how cybersecurity incidents happen:
- Social engineering
- Miscellaneous errors
- System intrusion
- Basic web application attacks
The first two patterns are connected to insider threats. Employees in this context aren’t malicious actors who want to harm an organization. But they can pose a threat by making inadvertent mistakes or becoming the victim of a phishing or pretexting scheme. The third and fourth patterns can, among other methods, be performed through a third-party vendor vulnerability.
Whether it’s human error, privilege misuse, third-party vulnerabilities, or credential theft, you can control such risks from one place. User-based risk mitigation platforms like Ekran System will allow you to detect and prevent insider threats in your network in a timely manner.
Our solution will make sure that your company’s procedures comply with the security requirements in your industry.